Differentially Private Oblivious RAM

Wagh, Sameer; Cuff, Paul; Mittal, Prateek

doi:10.1515/popets-2018-0032

Cited by 27 publications

(24 citation statements)

References 41 publications

(64 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This work directly inspired us to consider a more general approach to modeling leakage in secure computation through differential privacy. Wagh et al [35] define and construct differentially private ORAM in which the server's views are "similar" on two neighboring access patterns. They consider the client/server model, and don't consider using their construction in a secure computation, but it is very interesting to note that we could use their result in a generic way to build a protocol for generic secure computation with differentially private access patterns.…”

Section: Contributions and Related Workmentioning

confidence: 99%

Secure Computation with Differentially Private Access Patterns

Mazloom

Gordon

2018

Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

We explore a new security model for secure computation on large datasets. We assume that two servers have been employed to compute on private data that was collected from many users, and, in order to improve the efficiency of their computation, we establish a new tradeoff with privacy. Specifically, instead of claiming that the servers learn nothing about the input values, we claim that what they do learn from the computation preserves the differential privacy of the input. Leveraging this relaxation of the security model allows us to build a protocol that leaks some information in the form of access patterns to memory, while also providing a formal bound on what is learned from the leakage.We then demonstrate that this leakage is useful in a broad class of computations. We show that computations such as histograms, PageRank and matrix factorization, which can be performed in common graph-parallel frameworks such as MapReduce or Pregel, benefit from our relaxation. We implement a protocol for securely executing graph-parallel computations, and evaluate the performance on the three examples just mentioned above. We demonstrate marked improvement over prior implementations for these computations.

show abstract

Section: Contributions and Related Workmentioning

confidence: 99%

Secure Computation with Differentially Private Access Patterns

Mazloom

Gordon

2018

Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…In addition to the prior work [5,19,24] that a empted to combine DP and secure computation techniques in order to scale-up the PRL problem, there are other e orts that take similar approaches, but focus on solving di erent problems. Wagh et al [39] formalized the notion of di erentially private oblivious RAM (DP ORAM) and their corresponding protocols signi cantly improved the bandwidth overheads with a relaxed privacy guarantee. is privacy notion considers a client-server model where all data sit on a single server, while DPRL considers two party computation.…”

Section: Related Workmentioning

confidence: 99%

Composing Differential Privacy and Secure Computation

Machanavajjhala

Flynn

et al. 2017

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Private record linkage (PRL) is the problem of identifying pairs of records that are similar as per an input matching rule from databases held by two parties that do not trust one another. We identify three key desiderata that a PRL solution must ensure: (1) perfect precision and high recall of matching pairs, (2) a proof of end-to-end privacy, and (3) communication and computational costs that scale subquadratically in the number of input records. We show that all of the existing solutions for PRL-including secure 2-party computation (S2PC), and their variants that use non-private or differentially private (DP) blocking to ensure subquadratic cost -violate at least one of the three desiderata. In particular, S2PC techniques guarantee end-to-end privacy but have either low recall or quadratic cost. In contrast, no end-to-end privacy guarantee has been formalized for solutions that achieve subquadratic cost. This is true even for solutions that compose DP and S2PC: DP does not permit the release of any exact information about the databases, while S2PC algorithms for PRL allow the release of matching records.In light of this deficiency, we propose a novel privacy model, called output constrained differential privacy, that shares the strong privacy protection of DP, but allows for the truthful release of the output of a certain function applied to the data. We apply this to PRL, and show that protocols satisfying this privacy model permit the disclosure of the true matching records, but their execution is insensitive to the presence or absence of a single non-matching record. We find that prior work that combine DP and S2PC techniques even fail to satisfy this end-to-end privacy model. Hence, we develop novel protocols that provably achieve this end-to-end privacy guarantee, together with the other two desiderata of PRL. Our empirical evaluation also shows that our protocols obtain high recall, scale near linearly in the size of the input databases and the output set of matching pairs, and have communication and computational costs that are at least 2 orders of magnitude smaller than S2PC baselines.

show abstract

“…Once again, this construction seems to be the best privacy that can be achieved by any DP-RAM scheme with only O(1) overhead over the baseline, unprotected storage access due to our lower bounds. Our scheme improves on prevous DP-RAM schemes in [50] which starts from Path ORAM [48] and degrades security to improve efficiency. For their scheme to achieve even client storage of O( √ n), their construction recursively stores position maps which costs both logarithmic overhead and client-to-server roundtrips.…”

Section: Introductionmentioning

confidence: 99%

“…Related Work. DP-RAM was considered previously in [50] which present a construction based on Path ORAM [48]. However, their scheme requires recursively stored position maps which requires Θ(log n) client-to-server roundtrips to get client storage of even O( √ n).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

What Storage Access Privacy is Achievable with Small Overhead?

Patel

Persiano

Yeo

2019

Proceedings of the 38th ACM SIGMOD-SIGACT-SIGAI Symposium on Principles of Database Systems

View full text Add to dashboard Cite

Oblivious RAM (ORAM) and private information retrieval (PIR) are classic cryptographic primitives used to hide the access pattern to data whose storage has been outsourced to an untrusted server. Unfortunately, both primitives require considerable overhead compared to plaintext access. For large-scale storage infrastructure with highly frequent access requests, the degradation in response time and the exorbitant increase in resource costs incurred by either ORAM or PIR prevent their usage. In an ideal scenario, a privacypreserving storage protocols with small overhead would be implemented for these heavily trafficked storage systems to avoid negatively impacting either performance and/or costs. In this work, we study the problem of the best storage access privacy that is achievable with only small overhead over plaintext access.To answer this question, we consider differential privacy access which is a generalization of the oblivious access security notion that are considered by ORAM and PIR. Quite surprisingly, we present strong evidence that constant overhead storage schemes may only be achieved with privacy budgets of ϵ = Ω(log n). We present asymptotically optimal constructions for differentially private variants of both ORAM and PIR with privacy budgets ϵ = Θ(log n) with only O(1) overhead. In addition, we consider a more complex storage primitive called key-value storage in which data is indexed by keys from a large universe (as opposed to consecutive integers in ORAM and PIR). We present a differentially private key-value storage scheme with ϵ = Θ(log n) and O(log log n) overhead. This construction uses a new oblivious, two-choice hashing scheme that may be of independent interest.

show abstract

Differentially Private Oblivious RAM

Cited by 27 publications

References 41 publications

Secure Computation with Differentially Private Access Patterns

Secure Computation with Differentially Private Access Patterns

Composing Differential Privacy and Secure Computation

What Storage Access Privacy is Achievable with Small Overhead?

Contact Info

Product

Resources

About